fix apache HTTP2HTTPS redirect config master
authorRalf Jung <post@ralfj.de>
Mon, 2 Sep 2024 13:21:35 +0000 (15:21 +0200)
committerRalf Jung <post@ralfj.de>
Mon, 2 Sep 2024 13:21:35 +0000 (15:21 +0200)
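--- a/roles/apache/templates/ssl.conf
+++ b/roles/apache/templates/ssl.conf
@@ -6,7 +6,14 @@
 <Macro HTTP2HTTPS $domain>
     <VirtualHost *:80>
         ServerName $domain
-        Redirect permanent / https://$domain/
+        # Apparently you need the rewrite engine to implement
+        # a simple "redirect all except for..." policy. Amazing.
+        RewriteEngine on
+        # Do *not* redirect the acme-challenge dir to https, since otherwise the
+        # challenge cannot be fetched when there is no certificate yet for this domain.
+        RewriteRule ^/\.well-known/acme-challenge/(.*) /srv/acme-challenge/$1 [L]
+        # Make the upgrade to HTTPS a "permanent" redirect.
+        RewriteRule ^/(.*) https://$domain/$1 [R=301,L]
     </VirtualHost>
 </Macro>
 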
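Review bot: The acme-challenge rule captures an unconstrained `(.*)` and maps it straight onto a filesystem path served over plain HTTP, so confinement to `/srv/acme-challenge` rests entirely on Apache's URL normalisation and on the directory's own access settings. HTTP-01 tokens use only the base64url alphabet, so the pattern can be anchored and narrowed as defence in depth: `RewriteRule ^/\.well-known/acme-challenge/([A-Za-z0-9_-]+)$ /srv/acme-challenge/$1 [L]`. Anything under that prefix that does not match would then fall through to the HTTPS redirect rather than reach the filesystem. The rule also relies on a `<Directory /srv/acme-challenge>` grant that is not visible in this hunk; it is worth confirming that block disables indexes and symlink following. Building the redirect target from `$domain` rather than the request's Host header is a good choice and should stay.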